Our campus uses DUO. We're wondering whether it's possible to use that from
IPA. My main concern is that user interaction can take time.
I see that it's possible to raise the timeout. But is that safe to do? I'm
wondering whether otpd is really designed to have lots of threads waiting for
the u
Change "nsslapd-allow-anonymous-access" to "rootdse" in "cn=config" on all IPA
Servers:
$ ldapmodify -x -D "cn=Directory Manager" -W -h server.example.com -p 389 -ZZ
dn: cn=config
changetype: modify
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: rootdse
___
Jonathan,
You will want to set "nsslapd-allow-anonymous-access" within "cn=config"
to "rootdse":
$ ldapmodify -x -D "cn=Directory Manager" -W -h server.example.com -p 389 -ZZ
dn: cn=config
changetype: modify
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: rootdse
Check "How to disable anonymous binds" in these two references:
https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/disabling-anon-binds.html
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/disabling-
Dear FreeIPA community and Dev Team,
We installed FreeIPA some months ago through the Ansible collection/role, and I
see that we can query the LDAP to get registered users. For us it is a medium
issue. I would like to know how to allow LDAP queries only through
authentication.
Did you have a wik
> The docs aren't 100% clear on this, how do I use the WebUI to sign a TLS cert
> with the CA
> I've tried adding via Authentication > Certificates > Certificates but it
> said it can't find the principal, and when I tick the add principal button,
> it says I cannot create a user principa